TOTP Settings for Persons
iSecurity Multi-Factor Authentication supports the use of Time-based One-Time Password (TOTP) authenticators in accordance with RFC 6238.
Supported TOTP authenticators include Google Authenticator, Microsoft Authenticator, IBM Verify, ReinerSCT Authenticator, and any TOTP application that adheres to the RFC 6238 standard is supported.
1. Create a Class for MFA TOTP
Select 1. Classes from the Definitions screen (STRMFA > 21). The Work with Classes screen appears. Press F6=Add new, and the Add New Class screen appears. Define TOTP as an Authentication Factor in MFA as shown below:
| Add New Class Class . . . . . . . . . . . TOTP Text . . . . . . . . . . . USE TOTP IN MFA MFA Preferred device . . . E N=No MFA, C=Cell, E=Email, S=Screen If no screen, prefer . . . E C=Cell, E=Email Restrict Emails to domain . Allow OTP instead of TOTP . N Y=Yes, N=No OAuth2/OpenID Add't Authentication Factor OTP TOTP Qstn App API Device Auth.C Radius Use 1-9 to specify MFA. . 1 Priority (1=Highest) AOD. . Blank=Do not use P-R. . If API, MFA provider . . . DUO, OKTA, PINGID... Private questions Number of private questions 0 0-10 Maximum retries 3 0=*NOMAX Wait before next attempt . 60 1-999 seconds (999=No retry) Password-Reset Verify user by . . . . . . N=No verify, C=Cell, E=Email, M=MFA Get new password by . . . . S=Screen, C=Cell, E=Email, N=Enter Reset your password by . . 1 1=New pwd, 2=Enable UsrPrf, 9=Select Password must be changed in 10 1-999 minutes (999=*NOMAX) F3=Exit |
Press Enter twice.
2. Edit the Person's Class to TOTP
Select 1. Persons Information from the Persons screen (STRMFA > 1). The Work with Persons screen appears.
If the Person is already defined, select the Person using option 1=Work with. The Modify Person screen appears.
If the Person is not yet defined, press F6=Add new to create a new entry. The Add New Person screen appears.
In the Modify Person/Add New Person screen, set the Class field to the TOTP Class defined earlier as shown below:
| Screen 1/2 Modify Person Person . . . . . . . . . PEPE IP-Group . . . . . . . . External ID . . . . . . . Class . . . . . . . . . . TOTP Name, *DFT, *NEVER Default User ID. . . . . PEPE ID. Number 555 Birth date 010101 Cell phone 444444444 F4=SMS provider Email address VV Employee number 5555 Family name CUEVAS First name PEPINO Preferred language ENG Office phone Last update / used . . . 2023-11-13 19:55:20 / 2025-03-23 16:57:18 F3=Exit F4=Prompt F12=Cancel |
Press Enter three times.
3. Define the TOTP Secret Key
Select 1. Persons Information from the Persons screen (STRMFA > 1). The Work with Persons screen appears.
Select the relevant Person with option 8=TOTP. The Work with TOTP Secret Key for [Person's Name] pop-up window appears.
| Work with Persons Subset by text . . . . by User Profile. Type options, press Enter. by TOTP Qst MFA Y,N,S 1=Work with 3=Rename 4=Delete 7=Questions 8=TOTP 9=MFA Opt Person ..................................................... : Work with TOTP Secret Key for PEPE : : *Key does not exist* : : 1. Create/Replace TOTP Secret Key : : 2. Recreate Emergency Tokens : : 3. Display Key and Emergency Tokens : : 4. Display QR code : : 5. Send Link for Key and Emergency Tokens : : : : Selection : : : : F12=Cancel : :...................................................: 8 PEPE CUEVAS PEPINO 6 Yes More... F3=Exit F6=Add new F12=Cancel |
From the menu, select 1. Create/Replace TOTP Secret Key. The Create New TOTP Secret Key for [Person's Name] pop-up window appears.
| Work with Persons Subset by text . . . . by User Profile. Type options, press Enter. by TOTP Qst MFA Y,N,S 1=Work with 3=Rename 4=Delete 7=Questions 8=TOTP 9=MFA Opt Person ..................................................... : Work with TOTP Secret Key for PEPE : : .............................................................. : : Create New TOTP Secret Key for PEPE : : : : : : Current key . . . * TOTP Secret Key is not defined * : : : : : : New key . . . . . : : : Press F6 to generate new key or type it manually : : : Valid characters are: letters A-Z and digits from 2 to 7 : : : : : : Email new key . . Y Y=Yes, N=No : : : : : Press Enter to update, F12 to Cancel. : PEPE : : : F12=Cancel F3=Exit F6=Generate new key : F3=Exit F6= :............................................................: |
You can either enter a custom TOTP Secret Key or press F6 to generate a random key.
NOTE: Valid characters are uppercase letters A–Z and digits 2–7 only.
Press Enter twice.
If a Tomcat server is configured for MFA, an email will be sent to the Person containing a link to the Web Application used to register the TOTP key.
If a Tomcat server is not in use, manually send the generated TOTP Secret Key to the Person for manual registration in their TOTP application.
4. Install the TOTP Authenticator on Mobile Device
The Person must download and install a TOTP Authenticator application on their mobile device from the appropriate app store (Google Play Store or Apple App Store).
5. Register the TOTP Secret Key in the Authenticator Application
The Person must open the TOTP Authenticator application installed on their mobile device and create a new entry using one of the following methods:
Enter a setup key manually (TOTP Secret Key previously defined).
Scan a QR code (available only if the Web Application is installed).
The QR code can be obtained in one of the following ways:
From the email sent automatically after the key was created.
By selecting 4. Display QR code in the menu of option 8=TOTP for the Person from the Persons Information screen.
This step registers the TOTP key on the mobile device and enables the generation of verification codes used during authentication.